Cooks in Clinton crypto kitchen
Deciphering the Clinton administration's people and policy on encryption is about as tough as understanding the technology itself.
Since January, no fewer than five high-ranking White House officials have laid out policy on the controversial issue, sometimes contradicting each other. Most recently, FBI director Louis Freeh sparked controversy last week when he testified before a Senate subcommittee that in order to do its job in the digital age, law enforcement needed the ability to immediately decode all encrypted messages, including communications within the United States, flowing over public networks.
The fact that Freeh's comments alluded to similar controls on domestic encryption products raised an outcry from civil libertarians and industry representatives. The White House quickly backed away from Freeh's proposal, saying the FBI director was speaking as a law enforcement official, not as a spokesman for the White House. The Clinton administration has never supported mandatory controls on the domestic use of encryption, a White House spokeswoman said.
In addition to Freeh, Vice President Al Gore, Commerce Department undersecretary William Reinsch, senior Clinton adviser Ira Magaziner, and Clinton "crypto czar" David Aaron have all spoken publicly about encryption policy, leading to some confusion about who calls the shots on the issue.
In reality, some of those pontificating the loudest have little formal role in devising the administration's encryption policy, while some officials behind the scenes wield more influence than one might think.
As with most complex issues in Washington, the White House takes a bureaucratic approach to setting policy on encryption and has created a "deputies group" to represent various crypto constituencies. The list varies depending on who one asks, but it is sure to include Gore, his domestic policy adviser Don Gipps, Reinsch, Sally Katzen, administrator of information and technology with the Office of Management and Budget, and National Security Agency deputy director William Crowell.
Crypto cooks in the Clinton kitchen | |
Al Gore,
U.S. vice president Has last word on Clinton's crypto policy, coined term "information superhighway." | |
William Reinsch,
Commerce
undersecretary Faithfully totes White House stance on encryption by favoring export controls while shunning its domestic regulation. | |
Louis Freeh,
FBI
director Administration's bad boy on crypto policy by on at least two occasions calling for mandatory controls on domestic encryption. White House says he speaks for law enforcement. | |
Ira Magaziner,
White House
senior adviser Clinton's point man on all things digital, including e-commerce and the Internet. Has minimal influence on crypto decisions and policy but has wonked philosophically on its importance in the networked world. | |
David Aaron,
Commerce
"crypto czar" Despite the catchy title, his role has been that of an ambassador, encouraging other countries to adopt crypto policies in sync with the White House's. Was recently kicked upstairs to a role that will likely remove him completely from crypto policymaking. | |
William Crowell,
NSA
deputy director Like Freeh, he testifies regularly that crypto controls are crucial but remains faithful to stated Clinton policy. Will retire this week. |
Others also get seats on the committee, including representatives from the Treasury, Defense, and Justice departments. Both Attorney General Janet Reno and Freeh also attend regularly.
The Secure Public Networks Act would provide strong incentives for companies to install so-called "key recovery" features into their encryption products. The features would allow government officials with a court order to immediately decrypt coded messages.
"This is a moving target," said Lauren Hall, chief technologist for the Software Publishers Association. "We have always suspected that the Clinton administration was using the export control discussion as a billy club to bring about the restriction on the domestic use of encryption."
Rights advocates from the Electronic Privacy Information Center say the administration's goal all along has been to bring about mandatory key recovery. They point to an April 1993 document jointly written by members of the FBI, Justice Department, and National Security Agency that called for requiring all encryption products in the United States to have "real-time decryption" capabilities built in.
The administration argues that Freeh's recent testimony and a related legislative proposal that was written with the help of the Office of Management and Budget do not signal inconsistencies either.
"There was a lot of talk within the administration about [the proposed legislation], and there was agreement that [it] would be acceptable," said Baker, an attorney with Steptoe & Johnson. "It's more than a trial balloon and less than [first astronaut] John Glenn...like when they sent up the monkey into space."
"Under [the bill], use of key recovery would be a condition for participating in the information society," said Jonah Seiger, a spokesman for the Center for Democracy and Technology.
The bill, sponsored by Sens. John McCain (R-Arizona) and Bob Kerrey (D-Nebraska), would require all computer systems supported by government funds to deploy key recovery. It would also set up an elaborate framework for so-called "certificate authority" systems, which will become necessary to validate a person's online identity if electronic commerce is to ever take hold.
The McCain-Kerrey bill would provide tempting incentives for certificate authorities to be endorsed by the government, but would also require them to comply with a key recovery scheme, placing the authorities who don't subscribe to the back-door system at a severe disadvantage.
"They say it's voluntary, but it's mandatory voluntary," Seiger added. "You'd be left with no choice but to use key recovery under McCain-Kerrey."